Unrated severityCISA KEVNVD Advisory· Published Jan 28, 2026· Updated Feb 26, 2026

SolarWinds Web Help Desk Deserialization of Untrusted Data Remote Code Execution Vulnerability

CVE-2025-40551

Description

SolarWinds Web Help Desk was found to be susceptible to an untrusted data deserialization vulnerability that could lead to remote code execution, which would allow an attacker to run commands on the host machine. This could be exploited without authentication.

Affected products

SolarWinds/Web Help Deskv5
Range: 12.8.8 HF1 and below

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.solarwinds.com/trust-center/security-advisories/CVE-2025-40551mitrevendor-advisorypatch
documentation.solarwinds.com/en/success_center/whd/content/release_notes/whd_2026-1_release_notes.htmmitrerelease-notes

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.069
exploit	0.030
kev	0.120
patch	0.000
ransomware	0.000